CVE-2022-4396: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 10, 2022 (updated November 7, 2023)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e
github.com/RDFLib/pyrdfa3/pull/40
nvd.nist.gov/vuln/detail/CVE-2022-4396
vuldb.com/?id.215249

Code Behaviors & Features

Detect and mitigate CVE-2022-4396 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →